recaptcha_v3_flutter

Add reCAPTCHA v3 verification to your Flutter apps — simple client token fetching + server-side verification.

---

Table of contents

• What is this
• Features
• Install
• Usage (example)
• Important client-side notes
• Server-side verification
• Contributing
• License & changelog

---

What is this

recaptcha_v3_flutter is a tiny Flutter package that lets your app get a reCAPTCHA v3 token from the client and then you can send it to your backend to verify it. The goal: keep user experience frictionless while protecting endpoints (signups, logins, forms) from bots.

Note: reCAPTCHA v3 is invisible to users — it returns a score (0.0–1.0) instead of a challenge.

Features

• Fetch a reCAPTCHA v3 token for a given action from the client.
• Minimal API surface so you can integrate quickly.
• Example flow + server verification guidance included.

Install

Add the package to your pubspec.yaml.

flutter pub add recaptcha_v3_flutter

If the package is not published to pub.dev yet, use the Git dependency:

dependencies:
  recaptcha_v3_flutter:
    git:
      url: https://github.com/sumit024/recaptcha_v3_flutter.git
      ref: main

Then run:

flutter pub get

Android / iOS setup

These are general guidelines — adapt to your project.

Get Google recaptcha v3 API key

• Go to the recaptcha admin console at https://www.google.com/recaptcha/admin

• Sign in using your Google account credentials Add Label name (eg: app name) Selected recaptcha type as Challenge(V3),

• Add Domains: click on the “+ Add” button to register a website,

• For Testing purposes, we need to add a domain name as localhost In production, we can later add another real domain name (example.com)

• GOOGLE CLOUD PLATFORM: Add an app name and it will create a project to enable the required APIS

• Click Save and Submit

You will get two keys:

• site key : This is a public key used to show the captcha verification widget on your site. Store it in you .env file.
• secret key: This key is kept in your backend and is used for authentication communication between the application & recaptcha server to verify the user’s response

Usage (example)

import 'package:flutter/material.dart';
import 'package:recaptcha_v3_flutter/recaptcha_v3_flutter.dart';

// In your main() method
AppRecaptchaHandler.instance.setupSiteKey(
  dataSiteKey: 'YOUR_SITE_KEY',
);

// Somewhere in your widget tree
AppRecaptchaWidget(
  onTokenReceived: (token) {
  // Handle the received token
  },
  onError: (error) {
    // Display a toast message or handle error
  },
  onLoading: () {
    // Show a loading indicator
  },
),

ElevatedButton(
  onPressed: () {
    /// Execute the reCAPTCHA v3 using this method call
    AppRecaptchaHandler.executeV3(action: 'login');
  },
  child: const Text('Submit'),
),

Important client-side notes

• Tokens are short-lived (usually valid for ~2 minutes). Fetch a fresh token when needed.
• Use the action argument to label what the token is for. Check out https://cloud.google.com/recaptcha/docs/actions-website for different actions.

Server-side verification

Using the secret key, the token obtained using this package is verified using this Google API https://www.google.com/recaptcha/api/siteverify.

Contributing

PRs and issues welcome. A suggested workflow:

1. Fork the repo
2. Create a feature branch
3. Add tests (if applicable)
4. Open a PR with a clear description

License & changelog

See LICENSE and CHANGELOG.md in the repo for license details and release notes.

---